Stories about: iDefense

Information Security can sometimes be a funny field to work in. Some days it seems as if anybody with their hands on unpublished exploit code can sell it for all they're worth, and others it seems that they are set to become the target of law enforcement and the companies the code affects. It does help if you don't work for one of the companies that is set to be affected by the exploits you are trying to sell and aren't trying to bootstrap a competing company in the process.

After warning on Tuesday that hackers were exploiting an unpatched bug in Adobe Systems' Flash Player software, Symantec has backtracked from this claim, saying the flaw is "very similar" to another vulnerability that was patched last month.

I've had the pleasure of speaking and attending this year's AusCERT 2008 security conference held in Gold Coast, Australia. If you've never been to Australia, you're missing some of the best that life has to offer, and I feel the same way about the conference. Although a bit smaller than most US security conferences, it's intentionally kept small (around 1,000 participants) and makes up in quality speaker presentations and vendor participation what it lacks in headcount. One of the great attributes of the typical Aussie is their aversion to marketing hype, along with their ability to "cut the fat off a chicken" (as my grandmother used to say) and pull out the salient points. If a vendor tries to push marketing fluff about their product too much, they are likely to get verbally assailed rugby-style. Here are some of my favorite notes and quotes from selected speakers:

Three months after acknowledging multiple vulnerabilities in its popular Reader software and then patching the program, Adobe this week finally provided some details about the bugs.

After tricking several thousand executives into downloading malicious software earlier this week, online scammers started up their subpoena phishing scam again Wednesday, but on a much smaller scale.

Panos Anastassiadis didn't click on the fake subpoena that popped into his inbox on Monday morning, but he runs a computer security company. Others were not so lucky.

The black market for software vulnerabilities is booming, with bugs regularly being sold for thousands of dollars a piece online. And one of the only ways to reduce this steady stream of hacks, according to Geekonomics author and IT security pro David Rice, is for software companies to simply write better code.

Symantec has confirmed flaws in its most popular consumer security software that could give attackers the means to hijack the Windows PCs that the programs are supposed to protect.

It's the most anticipated matchup in the hacker world: Linux versus Mac OS X versus Vista. Who will get hacked first?

Microsoft issued four critical updates Tuesday that quashed 12 bugs in Office, the company's business suite, including a flaw in Excel that has been exploited by attackers for more than two months.

A rootkit uncovered in the wild in December is proving to be a real headache to detect, according to Finnish security company F-Secure.